Is this when validating a signed SAML Token? In this case, the warning is a bit misleading, as cert constraint validation happens in the STS itself rather than in WSS4J, where the warning is logged. You can inject a CertConstraintsParser object into the SAMLTokenValidator, which itself contains a collection of constraints on the subject DN of the signing certificate.
Colm.

On Fri, May 16, 2014 at 7:59 PM, <[email protected]> wrote:
> In my STS, I recently set up certificate constraints by setting
> ws-security.subject.cert.constraints on my jaxws:endpoint in my CXF
> config. This seems to work ok for the certificate that signs the RST
> messages I send up. But when the RST contains another, non-signing
> certificate - e.g., when using the Validate interface to validate a
> previously issued token - I get a warning in the log stating "No Subject
> DN Certificate Constraints were defined." I don't think this is an issue
> so much, but it does make me wonder if there is a way to set cert
> constraints for non-signing certificates?
>
>
> Stephen W. Chappell
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
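A stand-alone model of how subject DN constraints of the kind discussed in this thread are evaluated, added here as an illustration; it is not code from the thread, from CXF or from WSS4J. It assumes each constraint is a Java regular expression that must match the whole subject DN, and that an empty constraint list accepts any certificate (the situation the warning reports). The class name, method names and DNs are constructed.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

// Hypothetical model class; it does not use or reproduce the CXF/WSS4J classes.
public class SubjectDnConstraintModel {
    private final List<Pattern> patterns = new ArrayList<>();

    public SubjectDnConstraintModel(List<String> regexes) {
        for (String regex : regexes) {
            patterns.add(Pattern.compile(regex.trim()));
        }
    }

    public boolean matches(X500Principal subject) {
        // Assumption: with no constraints configured, every subject DN is accepted.
        if (patterns.isEmpty()) {
            System.out.println("WARN no subject DN constraints defined, accepting " + subject.getName());
            return true;
        }
        // Assumption: the DN is compared in its RFC 2253 string form (no spaces after commas).
        String dn = subject.getName();
        for (Pattern p : patterns) {
            if (p.matcher(dn).matches()) { // the pattern must cover the entire DN
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample DNs.
        X500Principal signer = new X500Principal("CN=sts-signer, O=Example Corp, C=US");
        X500Principal other = new X500Principal("CN=unrelated, O=Other Org, C=US");

        SubjectDnConstraintModel none = new SubjectDnConstraintModel(Collections.<String>emptyList());
        SubjectDnConstraintModel partial = new SubjectDnConstraintModel(Arrays.asList("O=Example Corp"));
        SubjectDnConstraintModel full = new SubjectDnConstraintModel(Arrays.asList(".*,O=Example Corp,C=US"));

        System.out.println("no constraints, other signer: " + none.matches(other));
        System.out.println("partial pattern, expected signer: " + partial.matches(signer));
        System.out.println("full pattern, expected signer: " + full.matches(signer));
        System.out.println("full pattern, other signer: " + full.matches(other));
    }
}
```

Under these assumptions, a pattern that covers only part of the DN rejects even the intended signer, so constraints need a leading or trailing `.*` where the rest of the DN may vary.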
